2. Patient Privacy Training Process
What training could you as a manager put into place to avoid this situation?
1. Formulate a HIPAA Compliance Plan
2. Perform risk assessments
3. Enforce Privacy and Security Policy Procedures
4. Require mandatory annual training (including new hires)
5. Actions and Consequences
3. HIPAA COMPLIANCE PLAN
The first step as a manager would be to consult with the corporate compliance officer to initiate an internal audit of all the staff members who may have been in contact with the celebrities.
This process will let the manager know who was on staff during the time of admission and the number of times the patients' records were viewed, including logging information, treatments, and changes to medical conditions.
4. Risk Assessment
The manager should conduct a risk assessment on the workplace and electronic devices to assess the potential risks and vulnerabilities to the confidentiality, integrity and availability of Protected Health Information (PHI) under covered entities.
This also includes checking to see how many employees viewed the information using the same password.
5. Privacy and Security Policy Procedures
• Under the HIPAA Privacy Rule, covered entities must train all members of their workforce as necessary and appropriate for the members of the workforce to carry out their functions.
• Under the Security Rule and Regulation, covered entities must implement a security awareness and training program for all members of their workforce [including management].
• Care providers are required to provide all individuals affected by any such breaches with a description of the incident, including information about what steps they should take to protect themselves and what steps the care provider will take to recover the loss and avoid further breaches.
6. Mandatory Annual Training
Basic privacy and security training should be provided before an individual obtains access to confidential or personal information. At a minimum, the principles should be conveyed at least annually thereafter.
Training also may be needed after changes in policies; following increases in levels of access or sensitivity of information; to react to changes in technology; and following a security incident and other situations, such as a merger or acquisition.
All employees will be required to take a mandatory annual course on corporate compliance, HIPAA laws and rules, and privacy and security laws.
7. Actions & Consequences
Ensuring the privacy and security of patient information needs to be a paramount concern at all times. While it is impossible to control all the actions of employees, organizations can and must take reasonable and appropriate action to secure information as much as possible.
Illegally accessing and leaking patient health information without written permission, regardless of celebrity status, will result in severe disciplinary action, which may include the loss of licensure and termination of employment.